mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-23 06:42:27 +00:00
tpm2-tools: Change sense of CONFIG_TPM to mean any TPM, not just TPM1.
Most logic throughout Heads doesn't need to know TPM1 versus TPM2 (and shouldn't, the differences should be localized). Some checks were incorrect and are fixed by this change. Most checks are now unchanged relative to master. There are not that many places outside of tpmr that need to differentiate TPM1 and TPM2. Some of those are duplicate code that should be consolidated (seal-hotpkey, unseal-totp, unseal-hotp), and some more are probably good candidates for abstracting in tpmr so the business logic doesn't have to know TPM1 vs. TPM2. Previously, CONFIG_TPM could be variously 'y', 'n', or empty. Now it is always 'y' or 'n', and 'y' means "any TPM". Board configs are unchanged, setting CONFIG_TPM2_TOOLS=y implies CONFIG_TPM=y so this doesn't have to be duplicated and can't be mistakenly mismatched. There were a few checks for CONFIG_TPM = n that only coincidentally worked for TPM2 because CONFIG_TPM was empty (not 'n'). This test is now OK, but the checks were also cleaned up to '!= "y"' for robustness. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
This commit is contained in:
parent
d51993b6a9
commit
b500505312
@ -20,7 +20,7 @@ for cbfsname in `echo $cbfsfiles`; do
|
||||
|| die "$filename: mkdir failed"
|
||||
cbfs -t 50 -r $cbfsname > "$filename" \
|
||||
|| die "$filename: cbfs file read failed"
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
TMPFILE=/tmp/cbfs.$$
|
||||
echo "$filename" > $TMPFILE
|
||||
cat $filename >> $TMPFILE
|
||||
|
@ -126,7 +126,7 @@ while true; do
|
||||
# flash cleared ROM
|
||||
/bin/flash.sh -c /tmp/config-gui.rom
|
||||
# reset TPM if present
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
/bin/tpm-reset
|
||||
fi
|
||||
whiptail --title 'Configuration Reset Updated Successfully' \
|
||||
|
@ -173,7 +173,7 @@ update_totp()
|
||||
TRACE "Under /bin/gui-init:update_totp"
|
||||
# update the TOTP code
|
||||
date=`date "+%Y-%m-%d %H:%M:%S %Z"`
|
||||
if [ "$CONFIG_TPM" = n ]; then
|
||||
if [ "$CONFIG_TPM" != "y" ]; then
|
||||
TOTP="NO TPM"
|
||||
else
|
||||
TOTP=`unseal-totp`
|
||||
@ -513,7 +513,7 @@ prompt_totp_mismatch()
|
||||
reset_tpm()
|
||||
{
|
||||
TRACE "Under /bin/gui-init:reset_tpm"
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
if (whiptail $BG_COLOR_WARNING --title 'Reset the TPM' \
|
||||
--yesno "This will clear the TPM and TPM password, replace them with new ones!\n\nDo you want to proceed?" 0 80) then
|
||||
/bin/tpm-reset
|
||||
|
@ -48,7 +48,7 @@ fi
|
||||
KEY_DEVICES="$paramsdir/kexec_key_devices.txt"
|
||||
KEY_LVM="$paramsdir/kexec_key_lvm.txt"
|
||||
save_key="n"
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ] && [ "$CONFIG_TPM_NO_LUKS_DISK_UNLOCK" != "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ] && [ "$CONFIG_TPM_NO_LUKS_DISK_UNLOCK" != "y" ]; then
|
||||
if [ ! -r "$KEY_DEVICES" ]; then
|
||||
read \
|
||||
-n 1 \
|
||||
@ -186,7 +186,7 @@ fi
|
||||
|
||||
# sign and auto-roll config counter
|
||||
extparam=
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ];then
|
||||
if [ "$CONFIG_TPM" = "y" ];then
|
||||
if [ "$CONFIG_IGNORE_ROLLBACK" != "y" ]; then
|
||||
extparam=-r
|
||||
fi
|
||||
|
@ -91,7 +91,7 @@ done
|
||||
cat "$KEY_DEVICES" | cut -d\ -f1 | xargs /bin/qubes-measure-luks \
|
||||
|| die "Unable to measure the LUKS headers"
|
||||
|
||||
if [ "$CONFIG_TPM" = "y" ];then
|
||||
if [ "$CONFIG_TPM" = "y" ] && [ "$CONFIG_TPM2_TOOLS" != "y" ]; then
|
||||
luks_pcr=`tpm calcfuturepcr -ix 16 -if /tmp/luksDump.txt`
|
||||
# HOTP USB Secrity Dongle loads USB modules which changes PCR5.
|
||||
# In the event HOTP USB Security Dongle is enabled, skip verification of PCR5
|
||||
|
@ -315,7 +315,7 @@ do_boot()
|
||||
die "!!! Missing required boot hashes"
|
||||
fi
|
||||
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ] && [ -r "$TMP_KEY_DEVICES" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ] && [ -r "$TMP_KEY_DEVICES" ]; then
|
||||
INITRD=`kexec-boot -b "$bootdir" -e "$option" -i` \
|
||||
|| die "!!! Failed to extract the initrd from boot option"
|
||||
if [ -z "$INITRD" ]; then
|
||||
@ -359,7 +359,7 @@ while true; do
|
||||
user_select
|
||||
fi
|
||||
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
if [ ! -r "$TMP_KEY_DEVICES" ]; then
|
||||
# Extend PCR4 as soon as possible
|
||||
tpmr extend -ix 4 -ic generic \
|
||||
@ -372,7 +372,7 @@ while true; do
|
||||
scan_options
|
||||
fi
|
||||
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
# Optionally enforce device file hashes
|
||||
if [ -r "$TMP_HASH_FILE" ]; then
|
||||
valid_global_hash="n"
|
||||
|
@ -23,7 +23,28 @@ echo "DEBUG: CONFIG_TPM2_TOOLS: $CONFIG_TPM2_TOOLS"
|
||||
echo "DEBUG: Show PCRs"
|
||||
pcrs
|
||||
|
||||
if [ "$CONFIG_TPM" = "y" ];then
|
||||
if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_ATTEST_TOOLS" = "y" ]; then
|
||||
echo "Bring up network for remote attestation"
|
||||
network-init-recovery
|
||||
fi
|
||||
for tries in 1 2 3; do
|
||||
if [ "$CONFIG_AUTO_UNLOCK" = "y" ]; then
|
||||
tpmr unseal "0x8100000$TPM_INDEX" "sha256:0,1,2,3,4,5,6,7" > "$key_file"
|
||||
else
|
||||
tpmr unseal "0x8100000$TPM_INDEX" "sha256:0,1,2,3,4,5,6,7" "file:-" > "$key_file"
|
||||
fi
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
# should be okay if this fails
|
||||
shred -n 10 -z -u /tmp/secret/sealed 2> /dev/null || true
|
||||
exit 0
|
||||
fi
|
||||
|
||||
pcrs
|
||||
warn "Unable to unseal disk encryption key"
|
||||
done
|
||||
elif [ "$CONFIG_TPM" = "y" ]; then
|
||||
tpm nv_readvalue \
|
||||
-in "$TPM_INDEX" \
|
||||
-sz "$TPM_SIZE" \
|
||||
@ -59,27 +80,6 @@ if [ "$CONFIG_TPM" = "y" ];then
|
||||
pcrs
|
||||
warn "Unable to unseal disk encryption key"
|
||||
done
|
||||
elif [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_ATTEST_TOOLS" = "y" ]; then
|
||||
echo "Bring up network for remote attestation"
|
||||
network-init-recovery
|
||||
fi
|
||||
for tries in 1 2 3; do
|
||||
if [ "$CONFIG_AUTO_UNLOCK" = "y" ]; then
|
||||
tpmr unseal "0x8100000$TPM_INDEX" "sha256:0,1,2,3,4,5,6,7" > "$key_file"
|
||||
else
|
||||
tpmr unseal "0x8100000$TPM_INDEX" "sha256:0,1,2,3,4,5,6,7" "file:-" > "$key_file"
|
||||
fi
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
# should be okay if this fails
|
||||
shred -n 10 -z -u /tmp/secret/sealed 2> /dev/null || true
|
||||
exit 0
|
||||
fi
|
||||
|
||||
pcrs
|
||||
warn "Unable to unseal disk encryption key"
|
||||
done
|
||||
fi
|
||||
|
||||
die "Retry count exceeded..."
|
||||
|
@ -184,7 +184,7 @@ generate_checksums()
|
||||
rm /boot/kexec* 2>/dev/null
|
||||
|
||||
# create Heads TPM counter
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ];then
|
||||
if [ "$CONFIG_TPM" = "y" ];then
|
||||
if [ "$CONFIG_IGNORE_ROLLBACK" != "y" ]; then
|
||||
tpmr counter_create \
|
||||
-pwdo "$TPM_PASS_DEF" \
|
||||
@ -309,7 +309,7 @@ report_integrity_measurements()
|
||||
date=`date "+%Y-%m-%d %H:%M:%S %Z"`
|
||||
seconds=`date "+%s"`
|
||||
half=`expr \( $seconds % 60 \) / 30`
|
||||
if [ "$CONFIG_TPM" != "y" -a "$CONFIG_TPM2_TOOLS" != "y" ]; then
|
||||
if [ "$CONFIG_TPM" != "y" ]; then
|
||||
TOTP="NO TPM"
|
||||
elif [ "$half" != "$last_half" ]; then
|
||||
last_half=$half;
|
||||
@ -372,7 +372,7 @@ else
|
||||
fi
|
||||
|
||||
# show warning prompt
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
TPM_STR=" * ERASE the TPM and own it with a password\n"
|
||||
else
|
||||
TPM_STR=""
|
||||
@ -418,7 +418,7 @@ fi
|
||||
if [ -n "$luks_new_Disk_Recovery_Key_passphrase_desired" -o -n "$luks_new_Disk_Recovery_Key_passphrase" ]; then
|
||||
CUSTOM_PASS_AFFECTED_COMPONENTS="LUKS Disk Recovery Key passphrase"
|
||||
fi
|
||||
if [ "$CONFIG_TPM" = "y" ] || [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
CUSTOM_PASS_AFFECTED_COMPONENTS="$CUSTOM_PASS_AFFECTED_COMPONENTS
|
||||
TPM Ownership password"
|
||||
fi
|
||||
@ -461,7 +461,7 @@ else
|
||||
; then
|
||||
echo -e "\nThey must be each at least 8 characters in length.\n"
|
||||
echo
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
while [[ ${#TPM_PASS} -lt 8 ]] ; do
|
||||
echo -e -n "Enter desired TPM Ownership password: "
|
||||
read TPM_PASS
|
||||
@ -608,7 +608,7 @@ elif [ -z "$luks_new_Disk_Recovery_Key_desired" -a -n "$luks_new_Disk_Recovery_K
|
||||
fi
|
||||
|
||||
## reset TPM and set password
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
echo -e "\nResetting TPM...\n"
|
||||
{
|
||||
echo $TPM_PASS
|
||||
@ -723,7 +723,7 @@ else
|
||||
$luks_new_Disk_Recovery_Key_passphrase"
|
||||
fi
|
||||
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
tpm_password_changed="
|
||||
TPM Owner Password: $TPM_PASS\n"
|
||||
else
|
||||
|
@ -27,7 +27,7 @@ else
|
||||
HOTPKEY_BRANDING="HOTP USB Security Dongle"
|
||||
fi
|
||||
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ] && [ "$CONFIG_TPM2_TOOLS" != "y" ]; then
|
||||
tpm nv_readvalue \
|
||||
-in 4d47 \
|
||||
-sz 312 \
|
||||
|
@ -28,7 +28,7 @@ dd \
|
||||
|| die "Unable to generate 20 random bytes"
|
||||
|
||||
secret="`base32 < $TOTP_SECRET`"
|
||||
if [ "$CONFIG_TPM" = "y" ];then
|
||||
if [ "$CONFIG_TPM" = "y" ] && [ "$CONFIG_TPM2_TOOLS" != "y" ]; then
|
||||
# Use the current values of the PCRs, which will be read
|
||||
# from the TPM as part of the sealing ("X").
|
||||
# PCR4 == 0 means that we are still in the boot process and
|
||||
|
@ -20,7 +20,9 @@ if [ "$key_password" != "$key_password2" ]; then
|
||||
die "Key passwords do not match"
|
||||
fi
|
||||
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
tpmr reset "$key_password"
|
||||
elif [ "$CONFIG_TPM" = "y" ]; then
|
||||
# Make sure the TPM is ready to be reset
|
||||
tpm physicalpresence -s
|
||||
tpm physicalenable
|
||||
@ -34,7 +36,3 @@ if [ "$CONFIG_TPM" = "y" ]; then
|
||||
tpm physicalenable
|
||||
tpm physicalsetdeactivated -c
|
||||
fi
|
||||
|
||||
if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
tpmr reset "$key_password"
|
||||
fi
|
||||
|
@ -16,12 +16,11 @@ else
|
||||
. /etc/config
|
||||
fi
|
||||
|
||||
# tpm1 does not need to convert options
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
exec tpm "$@"
|
||||
fi
|
||||
|
||||
if [ "$CONFIG_TPM2_TOOLS" != "y" ]; then
|
||||
# tpm1 does not need to convert options
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
exec tpm "$@"
|
||||
fi
|
||||
echo >&2 "No TPM2!"
|
||||
exit 1
|
||||
fi
|
||||
|
@ -18,7 +18,7 @@ if [ -n "GUID" ]; then
|
||||
uefi -r $GUID | gunzip -c > $TMPFILE \
|
||||
|| die "Failed to read config GUID from ROM"
|
||||
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
tpmr extend -ix "$CONFIG_PCR" -if $TMPFILE \
|
||||
|| die "$filename: tpm extend failed"
|
||||
fi
|
||||
|
@ -38,7 +38,9 @@ if [ "$counter_value" == "" ]; then
|
||||
fi
|
||||
|
||||
#counter_value=$(printf "%d" 0x${counter_value})
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
tpmr unseal 0x81004d47 sha256:0,1,2,3,4,7 >> "$HOTP_SECRET"
|
||||
elif [ "$CONFIG_TPM" = "y" ]; then
|
||||
tpm nv_readvalue \
|
||||
-in 4d47 \
|
||||
-sz 312 \
|
||||
@ -50,8 +52,6 @@ if [ "$CONFIG_TPM" = "y" ]; then
|
||||
-if "$HOTP_SEALED" \
|
||||
-of "$HOTP_SECRET" \
|
||||
|| die "Unable to unseal HOTP secret"
|
||||
elif [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
tpmr unseal 0x81004d47 sha256:0,1,2,3,4,7 >> "$HOTP_SECRET"
|
||||
fi
|
||||
shred -n 10 -z -u "$HOTP_SEALED" 2> /dev/null
|
||||
|
||||
|
@ -8,7 +8,10 @@ TOTP_SECRET="/tmp/secret/totp.key"
|
||||
|
||||
TRACE "Under /bin/unseal-totp"
|
||||
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
tpmr unseal 0x81004d47 sha256:0,1,2,3,4,7 > "$TOTP_SECRET" \
|
||||
|| die "Unable to unseal totp secret"
|
||||
elif [ "$CONFIG_TPM" = "y" ]; then
|
||||
tpm nv_readvalue \
|
||||
-in 4d47 \
|
||||
-sz 312 \
|
||||
@ -20,9 +23,6 @@ if [ "$CONFIG_TPM" = "y" ]; then
|
||||
-if "$TOTP_SEALED" \
|
||||
-of "$TOTP_SECRET" \
|
||||
|| die "Unable to unseal totp secret"
|
||||
elif [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
tpmr unseal 0x81004d47 sha256:0,1,2,3,4,7 > "$TOTP_SECRET" \
|
||||
|| die "Unable to unseal totp secret"
|
||||
fi
|
||||
|
||||
shred -n 10 -z -u "$TOTP_SEALED" 2> /dev/null
|
||||
|
@ -6,7 +6,7 @@
|
||||
|
||||
TRACE "Under /bin/usb-init"
|
||||
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
# Extend PCR4 as soon as possible
|
||||
tpmr extend -ix 4 -ic usb
|
||||
fi
|
||||
|
@ -41,7 +41,7 @@ recovery() {
|
||||
# ensure /tmp/config exists for recovery scripts that depend on it
|
||||
touch /tmp/config
|
||||
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
tpmr extend -ix 4 -ic recovery
|
||||
fi
|
||||
|
||||
@ -65,10 +65,10 @@ pause_recovery() {
|
||||
}
|
||||
|
||||
pcrs() {
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
head -8 /sys/class/tpm/tpm0/pcrs
|
||||
elif [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
tpm2 pcrread sha256
|
||||
elif [ "$CONFIG_TPM" = "y" ]; then
|
||||
head -8 /sys/class/tpm/tpm0/pcrs
|
||||
fi
|
||||
}
|
||||
|
||||
@ -85,7 +85,7 @@ confirm_totp()
|
||||
date=`date "+%Y-%m-%d %H:%M:%S"`
|
||||
seconds=`date "+%s"`
|
||||
half=`expr \( $seconds % 60 \) / 30`
|
||||
if [ "$CONFIG_TPM" != "y" -a "$CONFIG_TPM2_TOOLS" != "y" ]; then
|
||||
if [ "$CONFIG_TPM" != "y" ]; then
|
||||
TOTP="NO TPM"
|
||||
elif [ "$half" != "$last_half" ]; then
|
||||
last_half=$half;
|
||||
@ -362,7 +362,7 @@ update_checksums()
|
||||
|
||||
# sign and auto-roll config counter
|
||||
extparam=
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ];then
|
||||
if [ "$CONFIG_TPM" = "y" ];then
|
||||
if [ "$CONFIG_IGNORE_ROLLBACK" != "y" ]; then
|
||||
extparam=-r
|
||||
fi
|
||||
|
@ -115,18 +115,20 @@ if [ "$boot_option" = "r" ]; then
|
||||
# Start an interactive shell
|
||||
recovery 'User requested recovery shell'
|
||||
# just in case...
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
tpmr extend -ix 4 -ic recovery
|
||||
fi
|
||||
exec /bin/bash
|
||||
exit
|
||||
fi
|
||||
|
||||
# Override CONFIG_TPM from /etc/config with runtime value determined above.
|
||||
# Override CONFIG_TPM and CONFIG_TPM2_TOOLS from /etc/config with runtime value
|
||||
# determined above.
|
||||
#
|
||||
# Values in user config have higher priority during combining thus effectively
|
||||
# changing the value for the rest of the scripts which source /tmp/config.
|
||||
echo "export CONFIG_TPM=\"$CONFIG_TPM\"" >> /etc/config.user
|
||||
echo "export CONFIG_TPM2_TOOLS=\"$CONFIG_TPM2_TOOLS\"" >> /etc/config.user
|
||||
|
||||
combine_configs
|
||||
. /tmp/config
|
||||
@ -172,7 +174,7 @@ else
|
||||
fi
|
||||
|
||||
# belts and suspenders, just in case...
|
||||
if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = y ]; then
|
||||
if [ "$CONFIG_TPM" = "y" ]; then
|
||||
tpmr extend -ix 4 -ic recovery
|
||||
fi
|
||||
exec /bin/bash
|
||||
|
@ -1,6 +1,13 @@
|
||||
# TPM2 tools program
|
||||
modules-$(CONFIG_TPM2_TOOLS) += tpm2-tools
|
||||
|
||||
# CONFIG_TPM means any TPM version. (CONFIG_TPM2_TOOLS differentiates them when
|
||||
# they must be handled differently, which should be localized.) Boards setting
|
||||
# CONFIG_TPM2_TOOLS=y imply CONFIG_TPM=y.
|
||||
ifeq "$(CONFIG_TPM2_TOOLS)" "y"
|
||||
export CONFIG_TPM=y
|
||||
endif
|
||||
|
||||
tpm2-tools_version := 5.2
|
||||
#tpm2-tools_version := 78a7681
|
||||
#tpm2-tools_repo := https://github.com/tpm2-software/tpm2-tools.git
|
||||
|
Loading…
Reference in New Issue
Block a user